An HTTP cookie (Internet cookie, browser cookie) is a small piece of data (part of the http header) that a web server stores in a text file on the user’s (client’s) hard drive. This piece of information is then sent back to the server every time the browser requests a page from the server.
Typically, cookies contain personalized user data or information that is used to determine if two requests came from the same browser – for example, to log a user into a system or to communicate between different web pages. It memorizes stateful information for the stateless HTTP protocol.
The maximum cookie size is 4 kilobytes (4096 bytes), in some sources 4093 bytes.
Session cookies, also known as temporary cookies, only exist in temporary memory: while a user is browsing the webpage. Browsers usually delete these cookies when a user closes the browser. Session cookies do not expire, unlike other types, so browsers treat them as cookies per session.
Persistent cookies are deleted on a specific date or after a specific time, unlike session cookies. This means that information about the cookie is transmitted to the server every time the user visits the website to which these cookies belong. This is why persistent cookies are sometimes referred to as tracking cookies. They can be used by advertisers to record users’ preferences over a long time. However, they can also be used for “peaceful” purposes, for example, to avoid re-entering data each time you visit the web page.
Typically, the cookie domain attribute is the same as the domain that appears in the address bar of your web browser. This is called the first-party cookie. A third-party cookie, on the other hand, belongs to a domain other than the one written in the address bar. Third-party cookies usually appear when web pages have content from external websites, like, for example, banner ads. This allows tracking a user’s browsing history and is often used by advertisers to deliver relevant ads to a specific user.
A supercookie is a cookie with a top-level domain origin (eg .com) or a publicly available suffix (e.g. .co.uk). In contrast, regular cookies are derived from a specific domain name, such as example.com. Supercookies can be viewed as a potential security issue and are often blocked by browsers. If a browser unblocks a malicious website, an attacker could set a supercookie and potentially disrupt or impersonate legitimate user requests for another website that uses the same top-level domain or public suffix as the malicious website. For instance, a supercookie of .com domain might have a malicious impact on a request to example.com, even if it was not generated from that address. This can be used to forge logins or alter user information.
Leave an application and get a free consultation from our manager.